hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 00:14:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Grzegorz Golawski
df9921f870 Update according to the review comments 2020-05-07 23:19:13 +02:00
Geoffrey White
bff97d9fe5 C++: Effect of #3382. 2020-05-07 19:06:05 +01:00
Geoffrey White
6499197087 C++: Add a test of TOCTOUFilesystemRace.ql. 2020-05-07 19:03:32 +01:00
Robert Marsh
761e3186f5 Merge pull request #3426 from MathiasVP/test-3110 
C++: Add testcase for #3110
 2020-05-07 10:40:12 -07:00
Jason Reed
01eeebc068 Java: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for Java source archives.
 2020-05-07 12:44:36 -04:00
Jason Reed
48e4079c64 JS: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for javascript source archives.
 2020-05-07 12:44:36 -04:00
Mathias Vorreiter Pedersen
8df25c3025 C++: Add QLDoc 2020-05-07 18:34:26 +02:00
Jonas Jensen
4b9a3f1482 Merge remote-tracking branch 'upstream/master' into dataflow-defbyref-to-field 2020-05-07 16:48:41 +02:00
Jonas Jensen
88eeca39fb Merge commit '52d8acc1a198c5ea29c1dddceda1d6c0fb75de14' into dataflow-defbyref-to-field 
This is a partial merge from master. In particular, it takes in #3382
and #3385.
 2020-05-07 16:46:11 +02:00
Jonas Jensen
5e8bd0a724 C++: Fix variable name in comment 2020-05-07 16:38:15 +02:00
Jonas Jensen
32e04b4033 C++: Support std::addressof 
I didn't add this support in `AddressConstantExpression.qll` since I
think it would require extra work and testing to get the constexprness
right. My long-term plan for `AddressConstantExpression.qll` is to move
its functionality to the extractor.
 2020-05-07 16:30:44 +02:00
Tom Hvitved
948c2f7f7e C++: Add change note 2020-05-07 16:01:55 +02:00
Tom Hvitved
0b85f3fed4 Address review comments 2020-05-07 15:58:46 +02:00
Taus
2502d1c3ed Merge pull request #3410 from RasmusWL/python-fix-3397 
Python: More safe methods for py/modification-of-default-value
 2020-05-07 15:28:24 +02:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Cornelius Riemenschneider
1aa7a827af Add QLDoc. 2020-05-07 14:53:41 +02:00
Mathias Vorreiter Pedersen
594f3b1807 C++: Add testcase for #3110 2020-05-07 14:39:53 +02:00
Dave Bartolomeo
e435484740 C++/C#: Fix formatting 2020-05-07 08:39:01 -04:00
Mathias Vorreiter Pedersen
43ffcfe730 C++: Remove abstract keyword from BuiltInOperation 2020-05-07 13:18:12 +02:00
Taus
964b8478dc Merge pull request #3405 from jcreedcmu/jcreed/jump-to-def-python 
Python: Refactor definitions query, add queries for ide search
 2020-05-07 12:51:35 +02:00
Mathias Vorreiter Pedersen
dd0ca34038 C++: Remove abstract keyword from a couple of AST classes 2020-05-07 12:01:07 +02:00
Calum Grant
313c9ac6ec C#: Address review comments. 2020-05-07 10:35:29 +01:00
Rasmus Wriedt Larsen
f099e0fdc6 Merge branch 'master' into python-keyword-only-args 2020-05-07 11:27:11 +02:00
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
James Fletcher
29eed6866c Merge pull request #3409 from jf205/sd-68 
"CodeQL for X" docs: update "Further reading" sections
 2020-05-07 09:35:23 +01:00
Dave Bartolomeo
f0e86a9191 C++: Add missing module comment 2020-05-06 17:30:20 -04:00
Dave Bartolomeo
df4fdaf6ff C++: Fix PR feedback 
Note that the various predicates to access the singleton instances of the `EdgeKind` classes have been moved into a module named `EdgeKind`.
 2020-05-06 17:06:48 -04:00
Geoffrey White
c8524522c8 C++: Add test cases. 2020-05-06 18:51:50 +01:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
Cornelius Riemenschneider
e397e5d325 Add new testcase to arraylengthanalysis library. 2020-05-06 16:36:48 +02:00
Cornelius Riemenschneider
1c9fa4eb1d This library proves that a subset of pointer dereferences in a program are safe, i.e. in-bounds. 
It does so by first defining what a pointer dereference is (on the IR
`Instruction` level), and then using the array length analysis and the range
analysis together to prove that some of these pointer dereferences are safe.
 2020-05-06 16:36:48 +02:00
Tom Hvitved
f19b1045d6 Java: Add change note 2020-05-06 15:52:49 +02:00
semmle-qlci
b2f1008a00 Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick 
Approved by asgerf
 2020-05-06 13:52:18 +01:00
Jason Reed
5934345fe3 Python: Fix formatting. 2020-05-06 08:48:45 -04:00
Esben Sparre Andreasen
7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Tom Hvitved
ddd62a56cc C#: Add change note for #3110 2020-05-06 14:28:47 +02:00
Anders Schack-Mulligen
f7410739d9 Java: Fix bug in qldoc. 2020-05-06 14:06:49 +02:00
Anders Schack-Mulligen
8c5e89c160 Java: Add PrintAst. 2020-05-06 14:06:40 +02:00
Esben Sparre Andreasen
69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
Asger F
5725814774 Merge pull request #3403 from asger-semmle/js/getcontainer 
JS: Move getContainer to single rootdef (+fixes)
 2020-05-06 12:06:44 +01:00
Max Schaefer
9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
Arthur Baars
39e652b26b Java: teach UnsafeDeserialization about ValidatingObjectInputStream 
The class org.apache.commons.io.serialization.ValidatingObjectInputStream
is an implementation of ObjectInputStream that validates the deserialized
classes against a white list. Therefore, this class should not be considered an
unsafe deserialization sink.
 2020-05-06 12:15:30 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
Esben Sparre Andreasen
344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
Rasmus Wriedt Larsen
f1630983d3 Python: Cleanup default-indexing upgrade script 2020-05-06 09:57:07 +02:00
Rasmus Wriedt Larsen
010d5fb769 Python: Fix indexes of keyword-only defaults in upgrade script 
Works like a charm ;)
 2020-05-06 09:57:07 +02:00